Added by Sebastian Gonzalez Oyuela, last edited by Gianluca Brigandi on Jan 20, 2009

Leverages a relational database system (RDBMS) resource as a provider of user and entitlement information.

Datasource Identity Store

DataSource-based implementation of a database identity and credential store that retrieves user information from a JNDI DataSource. The DataSource must be defined within the container where the JOSSO Gateway is deployed. When using custom SQL queries, make sure that the alias names are kept as-is.

Component Properties

| Property | Description | Example |
| --- | --- | --- |
| dsJNDIName | The JNDI name of the DataSource. | java:/jdbc/MyDataSource |
| userQueryString | SQL query for validating user existence. | SELECT MY_USER AS NAME FROM MY_USER_TABLE WHERE MY_USER = ? |
| rolesQueryString | SQL query for retrieving user roles. | SELECT MY_ROLE AS ROLE FROM MY_USER_ROLES_TABLE WHERE MY_USER = ? |
| userPropertiesQueryString | SQL query for retrieving user properties. | SELECT MY_PROP_NAME AS NAME, MY_PROP_VALUE AS VALUE FROM MY_USER_PROPS WHERE MY_USERNAME = ? |
| credentialQueryString | SQL query used for retrieving user credentials. The query should provide credential values that match the ones expected by the consuming authentication scheme. To supply a username and password set for simple authentication, the following SQL query may be used. | SELECT MY_USER AS USERNAME, MY_PWD AS PASSWORD FROM MY_USER_TABLE WHERE MY_USER = ? |
| resetCredentialDml | DML for storing the user password for new users. | UPDATE MY_USER SET PASSWORD = ? WHERE USERNAME = ? |
| relayCredentialQueryString | SQL query for retrieving a username based on a secondary or relay credential, like the user email. The #?# expression will be substituted with the credential type name. | SELECT LOGIN FROM MY_USER WHERE #?# = ? (e.g. SELECT LOGIN FROM MY_USER WHERE EMAIL = ?) |

Sample Datasource Component Definition

josso-gateway-stores.xml
<db-istore:datasource-store
            id="josso-identity-store"
            dsJndiName="java:/DefaultDS"
            userQueryString="SELECT LOGIN AS NAME FROM JOSSO_USER WHERE LOGIN = ?"
            rolesQueryString="SELECT NAME AS ROLE FROM JOSSO_USER_ROLE WHERE LOGIN = ?"
            credentialsQueryString="SELECT LOGIN AS USERNAME, PASSWORD FROM JOSSO_USER WHERE LOGIN = ?"
            userPropertiesQueryString="SELECT NAME, VALUE FROM JOSSO_USER_PROPERTY WHERE LOGIN = ?"
            resetCredentialDml="UPDATE JOSSO_USER SET PASSWORD = ? WHERE LOGIN = ?"
            relayCredentialQueryString="SELECT LOGIN FROM JOSSO_USER WHERE #?# = ?"
            />

JDBC Identity Store Configuration

Database Identity and Credential Store that retrieves user and entitlement information from a database resource using JDBC.

Component Properties

| Property | Description | Example |
| --- | --- | --- |
| connectionName | The username for establishing the database connection. | myUsername |
| connectionPassword | The password for establishing the database connection. | myPasswd |
| connectionURL | The JDBC-driver specific endpoint of the database instance. | jdbc:oracle:thin:@localhost:1521:myDataBase |
| driverName | The FQCN of the JDBC driver to use. | oracle.jdbc.driver.OracleDriver |
| userQueryString | SQL query for validating user existence. | SELECT MY_USER AS NAME FROM MY_USER_TABLE WHERE MY_USER = ? |
| rolesQueryString | SQL query for retrieving user roles. | SELECT MY_ROLE AS ROLE FROM MY_USER_ROLES_TABLE WHERE MY_USER = ? |
| userPropertiesQueryString | SQL query for retrieving user properties. | SELECT MY_PROP_NAME AS NAME, MY_PROP_VALUE AS VALUE FROM MY_USER_PROPS WHERE MY_USERNAME = ? |
| credentialQueryString | SQL query used for retrieving user credentials. The query should provide credential values that match the ones expected by the consuming authentication scheme. To supply a username and password set for simple authentication, the following SQL query may be used. | SELECT MY_USER AS USERNAME, MY_PWD AS PASSWORD FROM MY_USER_TABLE WHERE MY_USER = ? |
| resetCredentialDml | DML for storing the user password for new users. | UPDATE MY_USER SET PASSWORD = ? WHERE USERNAME = ? |
| relayCredentialQueryString | SQL query for retrieving a username based on a secondary or relay credential, like the user email. The #?# expression will be substituted with the credential type name. | SELECT LOGIN FROM MY_USER WHERE #?# = ? (e.g. SELECT LOGIN FROM MY_USER WHERE EMAIL = ?) |

Sample Component Definition

josso-gateway-stores.xml
<db-istore:jdbc-store
            id="josso-identity-store"
            driverName="com.mysql.jdbc.Driver"
            connectionURL="jdbc:mysql://localhost:3306/josso"
            connectionName="root"
            connectionPassword="sago4"
            userQueryString="SELECT LOGIN AS NAME FROM JOSSO_USER WHERE LOGIN = ?"
            rolesQueryString="SELECT NAME AS ROLE FROM JOSSO_USER_ROLE WHERE LOGIN = ?"
            credentialsQueryString="SELECT LOGIN AS USERNAME, PASSWORD FROM JOSSO_USER WHERE LOGIN = ?"
            userPropertiesQueryString="SELECT NAME, VALUE FROM JOSSO_USER_PROPERTY WHERE LOGIN = ?"
            resetCredentialDml="UPDATE JOSSO_USER SET PASSWORD = ? WHERE LOGIN = ?"
            relayCredentialQueryString="SELECT LOGIN FROM JOSSO_USER WHERE #?# = ?"
            />
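
A pre-deployment check for custom queries, as an added example that is not part of the original page or of JOSSO: it runs the SELECT queries from the sample definitions against an in-memory SQLite stand-in to catch quoted `?` placeholders and dropped aliases, and expands the relay query's `#?#` token only from an allowlist. The schema, the EMAIL column, the allowlist and the function names are assumptions.

```python
import sqlite3
# Constructed schema from the sample definitions' names; EMAIL is an assumed column.
SCHEMA = """
CREATE TABLE JOSSO_USER (LOGIN TEXT PRIMARY KEY, PASSWORD TEXT, EMAIL TEXT);
CREATE TABLE JOSSO_USER_ROLE (LOGIN TEXT, NAME TEXT);
CREATE TABLE JOSSO_USER_PROPERTY (LOGIN TEXT, NAME TEXT, VALUE TEXT);
"""
# Result-column aliases per property, as written in the page's sample queries.
ALIASES = {
    "userQueryString": ["NAME"],
    "rolesQueryString": ["ROLE"],
    "credentialsQueryString": ["USERNAME", "PASSWORD"],
    "userPropertiesQueryString": ["NAME", "VALUE"],
}
SAMPLE = {  # SELECT attributes copied from the sample component definition
    "userQueryString": "SELECT LOGIN AS NAME FROM JOSSO_USER WHERE LOGIN = ?",
    "rolesQueryString": "SELECT NAME AS ROLE FROM JOSSO_USER_ROLE WHERE LOGIN = ?",
    "credentialsQueryString": "SELECT LOGIN AS USERNAME, PASSWORD FROM JOSSO_USER WHERE LOGIN = ?",
    "userPropertiesQueryString": "SELECT NAME, VALUE FROM JOSSO_USER_PROPERTY WHERE LOGIN = ?",
    "relayCredentialQueryString": "SELECT LOGIN FROM JOSSO_USER WHERE #?# = ?",
}

def expand_relay(template, credential_type, allowed):
    """Replace #?# with a credential type name, accepted only from an allowlist."""
    if credential_type not in allowed:
        raise ValueError(f"credential type not allowed: {credential_type!r}")
    return template.replace("#?#", credential_type)

def check_query(conn, sql, aliases):
    """Return the problems found when running one query with one bound value."""
    try:
        cur = conn.execute(sql, ("alice",))
    except sqlite3.ProgrammingError as exc:  # e.g. ? quoted into a string literal
        return [f"placeholder mismatch: {exc}"]
    except sqlite3.OperationalError as exc:  # unknown table or column, bad syntax
        return [f"does not prepare: {exc}"]
    cols = [d[0].upper() for d in cur.description]
    return [f"missing alias {a}" for a in aliases if a not in cols]

def check_store(attrs, relay_types=("EMAIL",)):
    """Map each configured SELECT property to its list of problems."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    report = {p: check_query(conn, attrs[p], a) for p, a in ALIASES.items() if p in attrs}
    for ctype in (relay_types if "relayCredentialQueryString" in attrs else ()):
        sql = expand_relay(attrs["relayCredentialQueryString"], ctype, relay_types)
        report[f"relay:{ctype}"] = check_query(conn, sql, [])
    conn.close()
    return report
```

`check_store(SAMPLE)` reports no problems. The same check should be repeated against the target database, since SQLite only stands in for it here.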